Published by Stanley Blankenship. Modified over 9 years ago.
1
SIMPLIFYING THE CLOUD – the case for federation
Dr. Terry Gray
Assoc VP, Technology Strategy
University of Washington
Microsoft CIO Summit
25 Feb 2010
2
HYPOTHESIS
Federation & Interoperability are key to effective collaboration in complex environments
3
Agenda
1. Context
2. Why the Cloud?
3. Why not?
4. Why Federation?
5. Why SAML?
6. UW case study
4
CONTEXT: Research Universities
- Mission: discovery & innovation
- Means: extreme collaboration
  - Globally, at scale
- Culture: decentralized; diffuse authority
  - Collections of many independent businesses
  - A microcosm of “the Internet”
“Corporations turn ideas into money; Universities turn money into ideas.” --Craig Hogan
5
PROBLEM
- Too many accounts
- Too little interoperability
- Business need: improve collaboration
- Barrier: complexity
- Trap: collaboration exacerbates complexity
6
COPING WITH COMPLEXITY
In diverse collaborations:
- homogeneity is not an option
- accounts become an N*N problem
Therefore, we need:
- integration via interoperability
- fewer things to think about
- at least... the illusion of simplicity and coherence!
7
WHY THE CLOUD?
- It's where our people are going
- Allows easier (self-service) collaboration
- Leverages market agility, advances
- Allows better use of scarce IT resources
→ IT Goal: any time / place / device access & collaboration
→ Cloud computing supports this goal
8
CLOUD CONCERNS
Institutional view
- Operational risk
- Financial risk
- Compliance risk
User view
- Reliability
- Privacy, safety, security
- Simplicity, interoperability
9
INTEROPERABILITY example: the calendaring problem
[Diagram labels: Outlook/Exchange User, IT Staff, Google Calendar User]
10
INTEROPERABILITY SCENARIO
USERS:
- Mary: Outlook + BPOS-D
- Joe: TBird + Outlook Live
- Ann: Mac/Safari + Google
TASKS:
- Schedule a meeting
- Create an access group
- Co-edit a document
ISSUES:
- Discovering authoritative server
- Access or account provisioning
- Protocol compatibility (IMAP, CalDav)
EXAMPLES:
- Zoho via Yahoo or Google credentials
- Digg via Facebook credentials
- EduRoam via InCommon (local creds)
11
INTEROPERABILITY ELEMENTS
- Data structures
- Transfer Protocols
- Discovery Protocols
- Identity & Access Management
12
WHY FEDERATION?
- Supports interoperability
- Best defense against account/password proliferation
- Leverages institutional identity for reputation/branding
- Improved security: can reduce password attack surface*
- Convenience: helpful for both migration & steady state
* cf. Thick Client Issues
13
CHOICES
- WS Federation / Trust
- Information Card
- OpenID
- OAuth
- Open Social
- SAML + Shibboleth + InCommon
14
FEDERATION ELEMENTS
- Protocol Spec: e.g. SAML
- Software: e.g. Shibboleth
  - + Geneva, others
- Trust Fabric: e.g. InCommon
  - + Nat'l Federations in 25 countries
15
WHY SAML?
Security Assertion Markup Language
- Industry standard, with input from H-E
- Good support for user attributes (claims)
- Supports scalable multi-party trust fabrics
- Used in many sectors for many years
- Dominant in H-E sector; Big science; K12
- Part of mature federation ecosystem
  - (SAML + Shibboleth + InCommon)
16
THICK CLIENT PROBLEM
- Many federation protocols designed only for web apps
- For web apps, service provider need not store passwords
- Supporting existing non-web apps means:
  - Continuing to store passwords on cloud service, or...
  - Exposing enterprise passwords on cloud service via proxy
- Convenience often trumps security
17
UW meets the Cloud
18
CLOUD APPS @ UW
- 64K UW users
- 50% of students ALREADY forward their UW email!
19
STRATEGIC PREMISES
- Cloud computing is a big deal
- UW should encourage it, modulo compliance obligations
- Compliance risk is reduced via partner contracts
- A single-vendor strategy will not work for UW
- Integrating faculty/staff with students is essential
20
THE PLAYING FIELD
- Outlook Live
- Google Apps
- BPOS-D Service
- Departmental Exchange/SP Servers
- Central Exchange/SP Servers
- Central IMAP & Web Servers
- Other cloud services
- Other universities
The IT challenge: make collaboration work in this context!
21
LESSONS from a Dawg
- Free services are not free
- Moving targets, startup problems, service culture
- Cloud Conundrum: Integration adds value & cost
- Collaboration Barriers
  - Multiple account madness
  - Lack of interoperability
  - Lack of group support
- Pushback
  - Students: “Where's the beef” (vs. existing options)
  - Faculty: privacy, security, data ownership/mining
22
NEXT STEPS
Enhancing Cloud Services
- Group management features
- Improved calendar interoperability
- SAML SSO for Outlook Live
→ via MS/UW Partnership
Retiring On-Premise Services
- Student email services
- Central Exchange/Sharepoint services
→ via move to Microsoft BPOS-D
23
UW – MICROSOFT PARTNERSHIP
- Initial Focus on SAML/Shib support for Live@edu
- Assisting MS in tackling BPOS + Live@edu integration
- Crucial to our multi-platform service strategy & migration
- Unlike with some companies, it's a true partnership...
24
SUMMARY
→ The cloud enables more collaboration
→ Therefore we need to enable the cloud
- And make it work better
- Federated cloud services essential
- Use is soaring despite concerns
25
Questions
Special thanks to RL “Bob” Morgan, UW's Middleware Maven!